HPE Community
Operating System - HP-UX
1826350 Members
4664 Online
109692 Solutions
New Discussion

password expiry script (For loops send multiple emails)

 
kpatel786
Frequent Advisor

‎04-20-2010 05:59 AM

‎04-20-2010 05:59 AM

password expiry script (For loops send multiple emails)

We have standard password expiry script. The for loop below sends multiple appending userlist emails.

for USER in $(cat /sysadmin/scripts/user_list_dba)
do
user_aging=$(/usr/lbin/getprpw -r -m exptm $USER)
if [ $user_aging -eq "0" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi

if [ $system_wide_aging -eq 0 ]
then
if [ $user_aging -eq "-1" ]
then
print "\nUser $USER does not have password aging enabled."
continue
fi
fi

U=$(echo $USER|cut -c 1)

exp=$(logins -x -l $USER | tail -1 | awk '{print $4}')
((exp_time = exp * 86400))
current_time=$(/sysadmin/scripts/time)

passwd_changed=$(grep u_succhg /tcb/files/auth/$U/$USER)
if [ $? = 1 ]
then
echo "User $USER : password expired\n\n" >> $REPORT_FILE
print "\nUser $USER does not have valid last successful password"
print "change date. This can happen if tsconvert is used on"
print "the command line to convert the system, instead of SAM."
continue
fi

last_change=$(grep u_succhg /tcb/files/auth/$U/$USER | \
awk -F "u_succhg#" ' {print $2}' |\
awk -F ":" ' {print $1}' )

((exp_date = last_change + exp_time))
((time_left = exp_date - current_time))
((days_left = time_left / seconds_per_day))

last_change_date=$(getprpw -r -m spwchg $USER)
expire_date=$(echo 0d${exp_date}=Y | adb -o | cut -c 17-27)
set -x
# if [ $days_left -gt 1 ] and [ $days_left -lt 8 ]# hashed to test 18-11-09
# if [ $days_left -lt 9 ]# changed for test
if [ "$days_left" -lt "9" ]
then
print "User $USER on $HOST has $days_left days left until password expires."
print "User $USER on $HOST last changed the password on: $last_change_date."
print "User $USER on $HOST - password will expire on: $expire_date.\n"
echo "User $USER : password will expire on $expire_date\n\n" >> $REPORT_FILE
MAILTO="DL-OffshoreHP-UX@candid.co.uk"
mailx -s "HOST1 Password_Status" $MAILTO < $REPORT_FILE
else
print "User $USER: password has expired\n"
echo "User $USER : password expired\n\n" >> $REPORT_FILE
# modprpw -l -v $USER
fi
done


Please assist, as I require only one consolidate mail to go rather than multiple mails.
0 Kudos
Reply
7 REPLIES 7
Tim Nelson
Honored Contributor

‎04-20-2010 06:07 AM

‎04-20-2010 06:07 AM

Re: password expiry script (For loops send multiple emails)

instead of emailing in the loop, send the output from each if statement to a file.

At the end cat(or attach) the file(s) into an email.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-20-2010 06:12 AM

‎04-20-2010 06:12 AM

Re: password expiry script (For loops send multiple emails)

Hi:

You asked this very question here (my memory is quite good, you see):

http://forums.itrc.hp.com/service/forums/questionanswer.do?threadId=1403117

... AND I offered you a solution then. Please re-evaluate the thread above and if you are happy with the answers, read and follow:

http://forums11.itrc.hp.com/service/forums/helptips.do?#28

...JRF...

0 Kudos
Reply
kpatel786
Frequent Advisor

‎04-20-2010 06:23 AM

‎04-20-2010 06:23 AM

Re: password expiry script (For loops send multiple emails)

Sorry for that, however that is solving my problem. Since the email sent does not go as expected.
The email should go 8 days prior to expiry but when put outside the loop it will go every week as scheduled in the cron. So the problem is still there though if I put it outside the loop.
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-20-2010 06:32 AM

‎04-20-2010 06:32 AM

Re: password expiry script (For loops send multiple emails)

Hi (again):

> The email should go 8 days prior to expiry but when put outside the loop it will go every week as scheduled in the cron. So the problem is still there though if I put it outside the loop.

Move the 'mailx' call outside the loop. Modify your 'crontab' to run every day instead of weekly.

You can test for an empty REPORT_FILE and skip the mailing if there are no candidates meeting your criteria.

Regards!

...JRF...
0 Kudos
Reply
kpatel786
Frequent Advisor

‎04-20-2010 06:38 AM

‎04-20-2010 06:38 AM

Re: password expiry script (For loops send multiple emails)

The problem is there is no empty file. The file gets updated with some or other output. Have tried the above option the email anyway goes with the user list, in this case for more than 8 days expiry.
For which I have been receiving quite a few bashing from the users :-(

0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎04-20-2010 06:46 AM

‎04-20-2010 06:46 AM

Re: password expiry script (For loops send multiple emails)

Hi (again):

> The problem is there is no empty file. The file gets updated with some or other output.

Fine, then change your script to use new file *only* to collect your password expiration candidates. Then, test that file for emptiness. If there is data in the file, append it (if necessary) to the '${REPORT_FILE}' and send the whole thing.

Regards!

...JRF...
0 Kudos
Reply
kpatel786
Frequent Advisor

‎04-20-2010 07:01 AM

‎04-20-2010 07:01 AM

Re: password expiry script (For loops send multiple emails)

Thanks I will try that.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.